Hacker claims breach of 50, 000 accounts from Wall Street IT recruiting firm

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

https://www.computerworld.com/s/article/9229336/Hacker_claims_breach_of_50_000_accounts_from_Wall_Street_IT_recruiting_firm

By Jaikumar Vijayan
Computerworld
July 18, 2012

A hacker today claimed to have broken into ITWallStreet.com, a website for 
IT professionals who are seeking Wall Street jobs or working with Wall 
Street firms, and exposed highly detailed data belonging to tens of 
thousands of job applicants.

As many as 12 data files containing detailed information on job applicants 
were publicly posted today after they had apparently been accessed from an 
ITWallStreet database by a hacker who's a member of a group called 
TeamGhostShell.

A Computerworld inspection of the published data showed the first and last 
names, mailing addresses, email addresses, usernames, hashed passwords and 
phone numbers of what appear to be thousands of people who have applied 
for IT jobs with Wall Street firms. Many of the thousands of hashed 
passwords appear to have already been decrypted into their clear text 
form.

The data dump included details such as salary and bonus expectations of 
the job seekers and even feedback on specific candidates. One of the 
published files, for instance, contained snippets of email exchanges 
presumably between recruiters and account managers discussing the 
viability of certain candidates for specific jobs.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.